While trying to learn what an "anti-virus" program does (specifically), I came across this:

Known computer viruses grew by 28,327 in 2004 to bring the number of old and new viruses to 112,438, according to IBM.
(from http://www.aladdin.com/home/csrt/statistics/statistics_2005.asp)

How many viruses exist today in 2006? Do "anti-virus" programs check for all of them?

(or...how many virus "signatures" are in the Clam db?)

Thanks!

alch

Site Admin

Joined: 27 Nov 2005

Posts: 1751

Posted: Sun Aug 06, 2006 10:11 am

Quote:

(or...how many virus "signatures" are in the Clam db?)

Please open clamwin and go to help-about - this information is listed there.

todd

Joined: 03 Aug 2006

Posts: 4

Posted: Sun Aug 06, 2006 11:06 am

alch wrote:

Quote:

(or...how many virus "signatures" are in the Clam db?)

Please open clamwin and go to help-about - this information is listed there.

Is there a reason why you can't answer directly?

alch

Site Admin

Joined: 27 Nov 2005

Posts: 1751

Posted: Sun Aug 06, 2006 11:35 am

Quote:

Is there a reason why you can't answer directly?

Because this number is constantly increasing and it is relatively easy to find it out using clamwin application.

changlinn

Joined: 17 Aug 2006

Posts: 4

Posted: Fri Aug 18, 2006 12:46 am

Checking mine it says it protects from 65656 viruses, taking into account todd's 112,438 viruses in 2005 and probably and increase this year possibly offset by patches to fix vunerabilities and there is still a pretty big gap.
Not that I have had a virus in my testing environment that clam hasn't found (well actually there was one, a real new one, and by the time I sent the email off it had already been included in the latests sig).
So why the huge disparity, is it because IBM counted variants and clam doesn't, is it because some variants can be found with the same signature?

So why the huge disparity, is it because IBM counted variants and clam doesn't, is it because some variants can be found with the same signature?

Let's cross our fingers...

alch

Site Admin

Joined: 27 Nov 2005

Posts: 1751

Posted: Wed Aug 23, 2006 11:05 am

I can just say that the the number of detected virus variants is not a good indicator for an antivirus effectiveness. Just a few reasons:
* some virus variants counted as one in ClamAV are counted as many in other products and vice versa
* ClamAV database is being populated since 2002 and othe comnmercial AV vendors do that since 1996 or even earlier. They count old DOS viruses that are harmless in Windows.

THE most important factor is quickly the new vireus is included in the database and identified. CalmAv is quite good at that. Some googling will give the stats.

lwc

Joined: 17 Apr 2006

Posts: 69

Posted: Wed Aug 23, 2006 10:17 pm

Quote:

They count old DOS viruses that are harmless in Windows.

How so exactly? If I can create a batch file to delete your hard drive, you're telling me it's better then them?

sherpya

Joined: 22 Mar 2006

Posts: 898

Location: Italy

Posted: Wed Aug 23, 2006 11:09 pm

the scanning time decreases when number of signatures increases so you should also take this in count

alch

Site Admin

Joined: 27 Nov 2005

Posts: 1751

Posted: Wed Aug 23, 2006 11:17 pm

lwc wrote:

How so exactly? If I can create a batch file to delete your hard drive, you're telling me it's better then them?

I never implied that a a batch file is a DOS only virus. I was talking about a DOS executable format that does not run or does no harm on windows.

lwc

Joined: 17 Apr 2006

Posts: 69

Posted: Thu Aug 24, 2006 6:50 am

Quote:

I never implied that a a batch file is a DOS only virus. I was talking about a DOS executable format that does not run or does no harm on windows.

Other than system files (e.g. command.com, keybd.com, etc.), I've never seen simple DOS files that won't launch in Windows (you know, in the same way Windows files don't launch in Dos). I say simple because a virus isn't a game or a full scaled application. It's just meant to cause havoc by messing with or deleting files and I don't see how that wouldn't work in Windows.

alch

Site Admin

Joined: 27 Nov 2005

Posts: 1751

Posted: Thu Aug 24, 2006 7:47 am

most DOS viruses use direct interrupt access that does not work in Windows, you get a VDM error instead.

Virus Batch Files

GuitarBob

Joined: 09 Jul 2006

Posts: 4410

Location: USA

Posted: Thu Aug 24, 2006 12:38 pm

Why don't you create an executable batch file to del c:*.* or format c: then, and see if it wipes out your own hard drive? If it does, then you can tell us you've added one more virus to the 112,000!

As you get farther away from the early Windows versions (and DOS), batch files aren't needed. I do notice, however, that my AVG seems to go into DOS when it initially boots up.

I haven't seen a boot virus in some time.

Regards,

changlinn

Joined: 17 Aug 2006

Posts: 4

Posted: Mon Aug 28, 2006 10:51 am

I don't really care about the effectiveness of viruses on windows, I tend to use Linux and don't run anything as root, so good luck to any virus out there.
But some of my colleuges use that most holey of operating systems, windows... I just found it interesting.
Yeah a lot of things won't work on windows that worked on DOS, simply put DOS was 16-bit winxp is true 32, plus other improvements and a strue of patches. Patches beat a large number of viruses even ones target at windows, so keep your os up to date, wether it be Linux, BSD, MacOSX or the lesser windows.